diff --git a/README.md b/README.md
index 210d508..e6641ef 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,14 @@
-# CodeSentinel-DEMO
\ No newline at end of file
+# CodeSentinel-DEMO
+
+# Mock login function
+def login(username, password):
+ import sqlite3
+ db = sqlite3.connect("users.db")
+ cursor = db.cursor()
+
+ # CRITICAL BUG: SQL Injection vulnerability (string concatenation)
+ query = "SELECT * FROM users WHERE name = '" + username + "' AND pass = '" + password + "'"
+ cursor.execute(query)
+
+ # CRITICAL BUG: Memory leak (file/database connection is never closed!)
+ return cursor.fetchone()
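Review bot: The Python listing added to README.md is not inside a fenced code block, so the `# Mock login function` and `# CRITICAL BUG` lines render as Markdown headings and the body indentation is not preserved; wrap the snippet in a ```python fence so the demo reads as code. The second annotation mislabels the unclosed `sqlite3` connection as a memory leak — it is an unreleased database handle (open file descriptor and possibly a held lock); note that `with sqlite3.connect(...) as db:` only manages transactions, so the accurate fix is `contextlib.closing(sqlite3.connect("users.db"))` or a `try/finally` that calls `db.close()`. Since this is a deliberately vulnerable demo, the intended remediation for the flagged injection is worth stating next to it: `cursor.execute("SELECT * FROM users WHERE name = ? AND pass = ?", (username, password))`. A third weakness the comments do not flag is that the query compares the submitted password directly against a stored `pass` column, which implies credentials are stored in plaintext rather than as salted hashes.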